Changeset 3415496

Timestamp:

12/09/2025 02:07:58 PM (5 days ago)

Author:

bastho

Message:

Sanitize values

File:

• eelv-redirection/trunk/eelv_redirection.php (modified) (2 diffs)

eelv-redirection/trunk/eelv_redirection.php

@@ -29 +29 @@
         return false;
     }
-    if(defined('REDIRECT_ALLOW_USER_AGENT') && strstr($_SERVER['HTTP_USER_AGENT'], REDIRECT_ALLOW_USER_AGENT)){
+    if(defined('REDIRECT_ALLOW_USER_AGENT') && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], REDIRECT_ALLOW_USER_AGENT)){
         @header("X-Redirect-Debug: Allowed by user-agent pattern", true);
         return false;
     }
-    return ($dir!='wp-admin' && $dir!='network' && !preg_match('#^/wp-(.*).php#', $_SERVER['SCRIPT_NAME']));
+    return ($dir!='wp-admin' && $dir!='network' && isset($_SERVER['SCRIPT_NAME']) && !preg_match('#^/wp-(.*).php#', $_SERVER['SCRIPT_NAME']));
 }
 
 function get_redirect_url(){
     $redirect_url = get_option('eelv_url_redirect');
-    if(strstr($redirect_url, '%query_string%')){
-        $redirect_url =str_replace('%query_string%', $_SERVER['QUERY_STRING'], $redirect_url);
+    if(strstr($redirect_url, '%query_string%') && isset($_SERVER['QUERY_STRING'])){
+        $redirect_url =str_replace('%query_string%', sanitize_text_field($_SERVER['QUERY_STRING']), $redirect_url);
     }
-    if(strstr($redirect_url, '%request_uri%')){
-        $redirect_url =str_replace('%request_uri%', $_SERVER['REQUEST_URI'], $redirect_url);
+    if(strstr($redirect_url, '%request_uri%') && isset($_SERVER['REQUEST_URI'])){
+        $redirect_url =str_replace('%request_uri%', sanitize_text_field($_SERVER['REQUEST_URI']), $redirect_url);
     }
     return $redirect_url;
@@ -90 +90 @@
     // If they did, this hidden field will be set to 'Y'
     if( isset($_POST[ 'eelv_url_redirect' ])) {
-        if (wp_verify_nonce( $_REQUEST['_wpnonce'], 'eelv_redirection_settings')){  
+        if (wp_verify_nonce( sanitize_text_field($_REQUEST['_wpnonce']), 'eelv_redirection_settings')){  
             update_option( 'eelv_url_redirect', esc_url_raw(filter_input(INPUT_POST, 'eelv_url_redirect', FILTER_SANITIZE_URL)));
-            update_option( "eelv_code_redirect", sanitize_text_field($_POST[ 'eelv_code_redirect' ]));
-            update_option( "eelv_when_redirect", sanitize_text_field($_POST[ 'eelv_when_redirect' ]));
+            update_option( "eelv_code_redirect", sanitize_text_field($_POST[ 'eelv_code_redirect' ] ?? ''));
+            update_option( "eelv_when_redirect", sanitize_text_field($_POST[ 'eelv_when_redirect' ] ?? ''));
             ?>
-            <div class="updated"><p><strong><?php echo esc_html(__('Option saved','eelv-redirection'))?></strong></p></div>
+            <div class="updated"><p><strong><?php esc_html_e('Option saved','eelv-redirection'); ?></strong></p></div>
             <?php
         }else{
             ?>    
-            <div class="error"><p><strong><?php echo esc_html(__('Warning there has been a hacking attempt','eelv-redirection'))?></strong></p></div>
+            <div class="error"><p><strong><?php esc_html_e('Warning there has been a hacking attempt','eelv-redirection'); ?></strong></p></div>
             <?php
         }